Microsoft Security Copilot Early Access Program Frequently Asked Questions

General information

What is Microsoft Security Copilot?

Microsoft Security Copilot is an AI cybersecurity product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. 

How is Microsoft Security Copilot different from other AI security products?

Security Copilot is the only security AI product that combines a specialized large language model (LLM) with security-specific capabilities from Microsoft. Security Copilot’s capabilities incorporate a growing set of security-specific skills informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals.

Does Microsoft Security Copilot work with other Microsoft Security products?

Yes. Security Copilot works with other Microsoft Security products, including but not limited to Microsoft 365 Defender, Microsoft Sentinel, Microsoft Intune, and Microsoft Defender Threat Intelligence. Security Copilot uses the data and signals from these products to generate customized guidance.

Does Security Copilot include access to Microsoft Defender Threat Intelligence (MDTI)?

Yes. All threat intelligence data from Microsoft Defender Threat Intelligence (MDTI) powers Security Copilot – at no extra cost. Security Copilot will include MDTI access via API, MDTI Workbench and MDTI analyst seats (same number as Security Copilot seats) at no extra cost. MDTI standalone SKUs continue to be available for customers who don't want to purchase Security Copilot.

Who are the intended users of Security Copilot through the Early Access Program?

SOC analysts are the intended users of Security Copilot during the Early Access Program.

How much will Security Copilot cost once it’s GA?

We'll make pricing information available prior to the GA announcement. Stay tuned for an ETA.

What languages are supported?

The Security Copilot Early Access Program will initially be supported only in English. We'll support extra languages in the future.

What will happen to customer data and progress after the Early Access Program ends?

If Security Copilot is purchased when it becomes Generally Available (GA), customers can continue to use these capabilities. If a customer decides not to purchase the GA version of the product, their data will be purged after a period of time in accordance with our data retention policy.

How will Microsoft communicate updates including new features, product improvements, bug fixes, security updates, and other information to Early Access Program customers?

Early Access Program customers are onboarded, subject to opting in and having an active NDA in place, to the Early Access Program Community. Product updates are posted to the Early Access Program Community.

I work with a managed security service provider (MSSP). Can they use and manage Security Copilot on my behalf?

Yes, MSSPs that provide SOC services for customers are able to access the customer's Security Copilot environment and participate alongside their customer in the early access program as an extension of their own security team, if the customer elects to provide access. (Bring your Own MSSP).

How would MSSPs get access to the Security Copilot Early Access Program if they're managing a customer SOC?

Here are the prerequisites for an MSSP to manage a Security Copilot instance in a customer tenant: 

• The MSSP has established a delegation relationship (via Guest Access) with the customer tenant.

• The customer has already purchased the necessary Security Copilot licenses for the managed tenant.

• The delegated user from the MSSP will be granted access to Security Copilot in the customer tenant (example, delegated access to security reader and/or security operator role).

• The delegation set-up provides the user with all the necessary roles needed to access the Security Copilot functionality.

  • Suggested roles are security reader or security operator.

How many licenses can customers assign to an MSSP who supports their team? 

Customers can assign as many licenses as needed to their MSSP of record. The MSSP leverages the same resources that are allocated to the customer, on behalf of the customer.

What is the difference between ChatGPT and Security Copilot?

ChatGPT and Security Copilot are both artificial intelligence (AI) technologies that were developed with the intent of helping users accomplish tasks and activities faster and more efficiently. While they might seem similar, there are significant differences between the two.

ChatGPT is a natural language processing technology that uses machine learning, deep learning, natural language understanding, and natural language generation to answer questions or respond to conversations. ChatGPT works off data trained from the Internet, uses prompts from users to aid in prompt engineering and model adjustments, and is limited to three concurrent plugins.

Security Copilot is a natural language, AI-powered security analysis tool designed to help organizations defend against threats at machine speed and scale. Security Copilot is built on OpenAI technology, is designed and engineered as an enterprise cyber AI from the ground up. The platform works off of customer connected plugins and Microsoft's global threat intelligence as grounding data. Entered prompts don't inform the model or prompt engineering unless submitted by the customer for review.

A key difference between ChatGPT and Security Copilot is what the systems are designed to accomplish. Microsoft Security Copilot is designed for posture management, incident response, and reporting by drawing insights from security signals aggregated from plugins, while ChatGPT works like a chatbot designed to hold a conversation with a user.

Security Copilot has access to up-to-date information from threat intelligence and draws insights from plugins so that security professionals are better equipped at defending against threats. Microsoft Security Copilot doesn't always get everything right and as with all AI tools, responses can contain mistakes. The built-in feedback mechanism provides users with control in helping improve the system.

Purchase information

How do I complete the purchase?

You use an online purchase experience in the Microsoft 365 admin center. During this purchase experience, you'll need to agree to the Microsoft Customer Agreement (MCA) if you don't already have one. There are also supplemental terms for the Early Access Program. You can work with your account team to review these documents in advance.

How am I invoiced and how do I pay?

The Microsoft Security Copilot Early Access Pass is a one-time invoice and purchase, and there are no extra usage fees associated with the program. You'll have 21 days to complete the purchase. If you need to complete an internal PO or approval process, you can view the total price including any applicable taxes based on your billing account, and then come back and complete the purchase within the 21-day period. You'll receive your invoice on the fifth day of the month following your purchase. The invoice can be viewed in the Microsoft 365 admin center and can be paid by wire transfer. You can find your invoice in the Microsoft 365 admin center by going to Billing > Bills & payments.

Can I cancel my organization's participation in the Early Access Program? If yes, am I eligible for refund?

You have seven days to cancel the purchase. After seven days, there are no refunds available, as this is a limited time program.

What is the Microsoft Customer Agreement?

The Microsoft Customer Agreement provides a consistent and simplified purchasing experience. To learn more, see Microsoft Customer Agreement.

Does accepting the Microsoft Customer Agreement impact my existing Microsoft Enterprise Agreements?

No, the Microsoft Customer Agreement doesn't impact the terms of existing Enterprise Agreements.

Licensing information

My organization has multiple tenants. Can I assign licenses across tenants?

No. During the Early Access Program, Security Copilot can only be deployed in one tenant and licenses can only be assigned to users in that tenant.